@rgm3
Last active April 18, 2018 18:40
Ansible tasks to authorize mutual SSH for hosts in a group
# Example inventory
# [cluster]
# node1
# node2
# node3
# Assume all users exist on all nodes
- set_fact:
    user_list:
      - name: foo
        home: /home/foo
      - name: bar
        home: /home/bar
      - name: root
        home: /root

# Generate an RSA key pair for every listed user on every node in the group
- name: generate ssh keys
  user:
    name: "{{ item.name }}"
    generate_ssh_key: yes
    ssh_key_comment: "{{ item.name }}@{{ inventory_hostname }} ansible-generated on {{ ansible_date_time.iso8601 }}"
  with_items: "{{ user_list }}"

# Read each user's public key so other hosts can fetch it through hostvars
- name: register keys
  shell: cat {{ item.home }}/.ssh/id_rsa.pub
  changed_when: false
  register: pubkeys
  with_items: "{{ user_list }}"

# For every (user, node) pair, authorize that user's key from that node for the same local user
- name: authorize keys
  authorized_key:
    user: "{{ item[0].name }}"
    key: "{{ hostvars[item.1].pubkeys.results | selectattr('item', 'equalto', item.0) | map(attribute='stdout') | first }}"
  with_nested:
    - "{{ user_list }}"
    - "{{ groups['cluster'] }}"

# Pin each node's ECDSA host key (short name, FQDN and all IPv4 addresses) in every user's known_hosts
- name: known hosts
  known_hosts:
    path: "{{ item[0] }}/.ssh/known_hosts"
    name: "{{ item[1] }}"
    key: >
      {{ hostvars[item.1]['ansible_hostname'] }},{{ hostvars[item.1]['ansible_fqdn'] }},{{ hostvars[item.1]['ansible_all_ipv4_addresses'] | join(',') }}
      ecdsa-sha2-nistp256 {{ hostvars[item.1].ansible_ssh_host_key_ecdsa_public }}
  with_nested:
    - "{{ user_list | map(attribute='home') | list }}"
    - "{{ groups['cluster'] }}"
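The `known hosts` task folds a node's short name, FQDN and IPv4 addresses into one `known_hosts` line of the form `<patterns> <key-type> <base64-blob>`. The Python below is an added example, not part of the gist: it assembles such a line from constructed stand-in facts (the `SAMPLE_HOSTVARS` values and the key blob are made up for the example, not real node data) and then validates it, checking that the base64 blob really begins with the declared key type. That catches a line whose `ecdsa-sha2-nistp256` label was paired with a key fact of a different algorithm, which `ssh` would silently treat as an unknown host.

```python
"""Build and validate OpenSSH known_hosts lines shaped like the ones the
gist's `known hosts` task writes. Added example; all inputs are constructed."""
import base64
import struct

# Constructed stand-in for hostvars[item.1] of one cluster node (not real facts).
SAMPLE_HOSTVARS = {
    "ansible_hostname": "node2",
    "ansible_fqdn": "node2.example.internal",
    "ansible_all_ipv4_addresses": ["10.0.0.12", "192.168.56.12"],
}


def ssh_string(data: bytes) -> bytes:
    """Length-prefixed string as used in the SSH wire format (RFC 4251)."""
    return struct.pack(">I", len(data)) + data


def constructed_ecdsa_blob() -> str:
    """Base64 blob laid out like an ecdsa-sha2-nistp256 public key.

    Constructed for the example: the curve point is a 65-byte placeholder
    (0x04 prefix plus filler), not a real key.
    """
    point = b"\x04" + b"\x11" * 64
    blob = (ssh_string(b"ecdsa-sha2-nistp256")
            + ssh_string(b"nistp256")
            + ssh_string(point))
    return base64.b64encode(blob).decode("ascii")


def build_known_hosts_line(hostvars: dict, key_type: str, key_blob: str) -> str:
    """Mirror the task's folded scalar: "<hostname>,<fqdn>,<ip,...> <type> <blob>"."""
    patterns = [hostvars["ansible_hostname"], hostvars["ansible_fqdn"]]
    patterns += list(hostvars["ansible_all_ipv4_addresses"])
    return f"{','.join(patterns)} {key_type} {key_blob}"


def parse_known_hosts_line(line: str) -> dict:
    """Split a known_hosts line into patterns, key type and blob.

    Raises ValueError if the line is malformed or the key type embedded in
    the blob disagrees with the key-type field in front of it.
    """
    fields = line.split()
    if len(fields) < 3:
        raise ValueError("expected '<patterns> <type> <base64> [comment]'")
    patterns, key_type, blob = fields[0].split(","), fields[1], fields[2]
    raw = base64.b64decode(blob, validate=True)
    if len(raw) < 4:
        raise ValueError("key blob too short")
    (type_len,) = struct.unpack(">I", raw[:4])
    embedded_type = raw[4:4 + type_len].decode("ascii", errors="replace")
    if embedded_type != key_type:
        raise ValueError(f"key type mismatch: field says {key_type}, blob says {embedded_type}")
    return {"patterns": patterns, "key_type": key_type, "blob": blob}


def is_valid_known_hosts_line(line: str) -> bool:
    """Convenience wrapper returning True/False instead of raising."""
    try:
        parse_known_hosts_line(line)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    good = build_known_hosts_line(SAMPLE_HOSTVARS, "ecdsa-sha2-nistp256", constructed_ecdsa_blob())
    # Same blob, but labelled with the wrong algorithm: should be rejected.
    bad = build_known_hosts_line(SAMPLE_HOSTVARS, "ssh-ed25519", constructed_ecdsa_blob())
    print(good)
    print("good line valid:", is_valid_known_hosts_line(good))
    print("mislabelled line valid:", is_valid_known_hosts_line(bad))
```

Pointing `parse_known_hosts_line` at each line of a user's `known_hosts` after the play has run is a cheap post-deployment check that the folded scalar produced well-formed entries for every node.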